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WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 27 January 2010 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 1-15,21-25,31 ,33,35,37 and 39 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

Claim(s) is/are allowed. 

6) IEI Claim(s) 1-15.21-25 and 39 is/are rejected. 

7) [x] Claim(s) 31, 33, 35 and 37 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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application from the International Bureau (PCT Rule 17.2(a)). 
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Detailed Action 

This office action is in response to the correspondence received on January 27, 2010. 

Allowable Subject Matter 

Claims 31 , 33, 35 and 37 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim1-15, 21-25 and 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over "Network Intrusion Detection: Evasion, Traffic Normalization, and 
End-to-End Protocol Semantics," by Mark Handley and Vern Paxson in view of Hurst et 
al (US Patent No: 6,192,404), hereafter referred to as Handley and Hurst, respectively. 

1 . With regards to claims 1,6,11 and 21 , Handley teaches through Hurst, a method 
of blocking attacks on a protected computer network, comprising: receiving a 
plurality of packets from a network, each said packet having a packet time to live 
(TTL) value and belonging to a corresponding packet flow (equivalent to the 
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normalizer receiving packets; see p. 6, right column, item 3, Handley); storing the 
smallest packet TTL value received from each said corresponding packet flow; 
and prior to transmitting each said packet, setting said packet TTL value to said 
smallest packet TTL value received for said corresponding packet flow (Handley 
discloses setting the TTL to the minimum; see p. 9, left column, TTL solution #3, 
Handley). 

While Handley teaches setting the TTL to a minimum based on a path length, 
Handley does not explicitly teach setting the TTL to the necessarily the smallest 
packet TTL value. In the same field of endeavor, Hurst also teaches a network 
that sets the TTL to a minimum based on path length; see column 7, lines 1-13, 
Hurst. Within Hurst's disclosure, it is taught how the TTL of the packet and the 
minimum TTL are compared and the TTL is set to whichever is lower; see 
column 7, lines 27-31, Hurst. Setting a TTL to a particular value can help set a 
baseline for what TTL a regular packet would have. Hence it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Handley with those of Hurst to define a TTL for a 
normal packet to filter out possible network attacks. 

2. With regards to claims 2, 7, 12 and 22, Handley teaches through Hurst, the 
method wherein said storing the smallest packet TTL value comprises: 
associating an epoch with said stored smallest packet TTL value; and if said 
epoch is greater than a predefined value, discarding said stored smallest packet 
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TTL value (equivalent to the restoring TTL disclosed by Handley; see p. 9, left 
column, "Effect on semantics," Handley). 



3. With regards to claims 3, 8, 13 and 23, Handley teaches through Hurst, the 
method further comprising periodically resetting said stored smallest packet TTL 
value to a maximum value (such steps are performed by the normalizerin 
Handley's disclosure; see p. 16, right column, item 21, Handley). 



4. With regards to claims 4, 9, 14 and 24, Handley teaches through Hurst, the 
method wherein said setting said packet TTL value comprises: determining if 
said corresponding packet flow is on an unrestricted list; and if said 
corresponding packet flow is on said unrestricted list, setting said packet TTL 
value to a maximum value (Handley's design sets the TTL large to allow the 
packet to travel unrestricted by time; see p. 4, right column, 4 th paragraph, 
Handley). 



5. With regards to claims 5, 10, 15 and 25, Handley teaches through Hurst, the 
method wherein said setting said packet TTL value comprises: determining if 
said corresponding packet flow is on an unrestricted list; and if said 
corresponding packet flow is on said unrestricted list, leaving said packet TTL 
value unchanged (see p. 15, left column, first paragraph, Handley). 
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6. With regards to claim 39, Handley teaches through Hurst, the method wherein: 
for each said packet, said packet TTL value is a value stored within the header of 
that packet; and the method further comprises transmitting each said packet 
across the protected computer network, said packet being configured to expire 
after a number of hops equal to said smallest packet TTL value received for said 
corresponding packet flow (A TTL (time to live) defines the time till expiration of a 
packet. Within Handley and Hurst the TTL is based on the path (number of 
hops); see column 7, lines 5-8, Hurst and p. 9, left column, TTL solution #3, 
Handley). 

7. The obviousness motivation applied to independent claims 1 , 6, 1 1 and 21 are 
applicable towards their respective dependent claims. 



Response to Arguments 

Applicant's arguments filed January 27, 2010 have been fully considered but they 
are not persuasive. In lieu of the latest arguments, the 103 rejections to claims 31, 33, 
35 and 37 have been withdrawn. However new claim 39 has been rejected. The 
following are the examiner's response to the applicant's principle concerns. 

The first point of contention addressed by the applicant concerns the claim 
limitation of "setting a packet TTL value to the smallest packet TTL value received for a 
corresponding packet flow." The applicant contends that the prior arts of record fail to 
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teach such a claim limitation and that the two arts are not analogous. The examiner 
respectively disagrees. Both Handley and Hurst teach the setting of network packet 
TTL based on path length. Handley discloses setting the TTL to the minimum; see p. 9, 
left column, TTL solution #3, Handley. However Handley does not explicitly teach 
setting the TTL necessarily to the smallest packet TTL value. In the same field of 
endeavor, Hurst also teaches a network that sets the TTL to a minimum based on path 
length; see column 7, lines 1-13, Hurst. Within Hurst's disclosure, it is taught how the 
TTL of the packet and the minimum TTL are compared and the TTL is set to whichever 
is lower; see column 7, lines 27-31, Hurst. Setting a TTL to a particular value can help 
set a baseline for what TTL a regular packet would have. This baseline definition helps 
identify the TTL for a normal packet and hence, helps filter out suspicious packets from 
normal ones to thwart possible network attacks. 

The second point of contention addressed by the applicant concerns the 
relevance of the prior arts. The applicant argues that the prior arts are not applicable 
because they do not teach protecting a network against attacks. This argument is not 
deemed persuasive. The claimed protecting a computer network is only recited within 
the preamble of the claims. The recitation "blocking attacks on a protected computer 
network" has not been given patentable weight because the recitation occurs in the 
preamble. A preamble is generally not accorded any patentable weight where it merely 
recites the purpose of a process or the intended use of a structure, and where the body 
of the claim does not depend on the preamble for completeness but, instead, the 
process steps or structural limitations are able to stand alone. See In re Hirao, 535 
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F.2d 67, 190 USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 152, 88 
USPQ478, 481 (CCPA 1951). 

The third point of contention addressed by the applicant concerns the limitations 
of claim 31 . After reconsideration of the claim language in light of the arguments, the 
rejection to claims 31, 33, 35 and 37 have been withdrawn and remains objected to. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AZIZUL CHOUDHURY whose telephone number is 
(571)272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Vivek Srivastava can be reached on (571) 272-7304. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/A. C.I 

Examiner, Art Unit 2445 

A/IVEK SRIVASTAVA/ 

Supervisory Patent Examiner, Art Unit 2445 



